Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 2851 | CVE-2026-23571 | | 29.5th | 6.8 | | A command injection vulnerability in TeamViewer DEX (formerly 1E DEX) allows authenticated attackers |
| 2852 | CVE-2024-58096 | | 29.5th | 5.5 | | This CVE describes a race condition vulnerability in the Linux kernel's ath11k WiFi driver when oper |
| 2853 | CVE-2026-1174 | | 29.5th | 5.3 | | This vulnerability in birkir prime's GraphQL Alias Handler allows remote attackers to cause resource |
| 2854 | CVE-2025-21562 | | 29.3th | 4.3 | | This vulnerability in Oracle PeopleSoft Enterprise CC Common Application Objects allows authenticate |
| 2855 | CVE-2024-39967 | | 29.3th | 6.5 | | CVE-2024-39967 is an insecure permissions vulnerability in Aginode GigaSwitch v5 that allows attacke |
| 2856 | CVE-2024-7322 | | 29.3th | 5.8 | | This vulnerability allows an attacker to send a malicious encrypted rejoin response to ZigBee device |
| 2857 | CVE-2025-22305 | | 29.3th | 6.5 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 2858 | CVE-2024-50684 | | 29.2th | 6.5 | | The SunGrow iSolarCloud Android app uses a weak AES encryption key with insufficient randomness, all |
| 2859 | CVE-2025-31163 | | 29.3th | 6.6 | | A segmentation fault vulnerability in fig2dev version 3.2.9a allows attackers to cause denial of ser |
| 2860 | CVE-2025-22770 | | 29.3th | 5.4 | | This CVE describes a missing authorization vulnerability in the Envo Multipurpose WordPress theme th |
| 2861 | CVE-2025-27180 | | 29.3th | 5.5 | | CVE-2025-27180 is an out-of-bounds read vulnerability in Substance3D Modeler that could allow an att |
| 2862 | CVE-2025-27679 | | 29.2th | 6.1 | | This cross-site scripting (XSS) vulnerability in Vasion Print (formerly PrinterLogic) allows attacke |
| 2863 | CVE-2025-1893 | | 29.2th | 4.3 | | A denial-of-service vulnerability in Open5GS AMF component allows a single malicious UE to crash the |
| 2864 | CVE-2025-3129 | | 29.3th | 4.8 | | This vulnerability allows attackers to perform brute force attacks against Drupal Access code authen |
| 2865 | CVE-2025-20195 | | 29.2th | 4.3 | | This CSRF vulnerability in Cisco IOS XE web management interface allows unauthenticated remote attac |
| 2866 | CVE-2025-5450 | | 29.2th | 6.3 | | This vulnerability allows authenticated administrators with read-only permissions to modify restrict |
| 2867 | CVE-2025-10766 | | 29.3th | 4.3 | | This CVE describes a path traversal vulnerability in SeriaWei ZKEACMS up to version 4.3. Attackers c |
| 2868 | CVE-2025-10061 | | 29.3th | 6.5 | | An authorized MongoDB user can cause a denial of service by sending specially crafted $group queries |
| 2869 | CVE-2025-62503 | | 29.2th | 4.6 | | This vulnerability allows authenticated users with CREATE privilege but no UPDATE privilege for Pool |
| 2870 | CVE-2025-10186 | | 29.2th | 5.3 | | This vulnerability allows unauthenticated attackers to delete data from the WhyDonate WordPress plug |
| 2871 | CVE-2025-65572 | | 29.3th | 6.1 | | This Cross-Site Scripting (XSS) vulnerability in AllskyTeam AllSky allows remote attackers to inject |
| 2872 | CVE-2025-65804 | | 29.2th | 6.5 | | This CVE describes a stack overflow vulnerability in Tenda AX3 routers that allows remote attackers |
| 2873 | CVE-2026-1391 | | 29.3th | 5.3 | | The Vzaar Media Management WordPress plugin versions up to 1.2 contain a reflected cross-site script |
| 2874 | CVE-2026-25723 | | 29.2th | 6.5 | | CVE-2026-25723 is an input validation vulnerability in Claude Code that allows attackers to bypass f |
| 2875 | CVE-2025-14047 | | 29.3th | 5.3 | | This vulnerability in the WP User Frontend WordPress plugin allows unauthenticated attackers to dele |
| 2876 | CVE-2025-23200 | | 29.1th | 4.6 | | This stored cross-site scripting (XSS) vulnerability in LibreNMS allows attackers to inject maliciou |
| 2877 | CVE-2024-13193 | | 29.1th | 6.3 | | This vulnerability allows remote attackers to execute arbitrary SQL commands via the SEMCMS_Images.p |
| 2878 | CVE-2024-13563 | | 29th | 6.4 | | This vulnerability allows authenticated WordPress users with contributor-level access or higher to i |
| 2879 | CVE-2025-1225 | | 29th | 6.3 | | This XXE vulnerability in ywoa's WXCallBack Interface allows attackers to read arbitrary files from |
| 2880 | CVE-2025-0588 | | 29.1th | 4.9 | | This vulnerability in Octopus Server allows authenticated users with sufficient privileges to set cu |
| 2881 | CVE-2025-0862 | | 29.1th | 4.9 | | This stored XSS vulnerability in the SuperSaaS WordPress plugin allows authenticated attackers with |
| 2882 | CVE-2024-13733 | | 29th | 6.4 | | This vulnerability allows authenticated WordPress users with contributor-level access or higher to i |
| 2883 | CVE-2025-2607 | | 29.1th | 6.3 | | This critical vulnerability in LzCMS-LaoZhangBoKeXiTong allows attackers to upload arbitrary files w |
| 2884 | CVE-2025-27933 | | 29.1th | 5.4 | | Mattermost fails to enforce channel conversion restrictions, allowing users with permission to conve |
| 2885 | CVE-2024-13810 | | 29th | 4.3 | | This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to im |
| 2886 | CVE-2025-39728 | | 29.1th | 5.5 | | This CVE describes an array bounds vulnerability in the Linux kernel's Samsung clock management unit |
| 2887 | CVE-2024-22314 | | 29.2th | 5.9 | | IBM Storage Defender - Resiliency Service versions 2.0.0 through 2.0.12 use weak cryptographic algor |
| 2888 | CVE-2025-20150 | | 29.1th | 5.3 | | An unauthenticated remote attacker can enumerate valid LDAP usernames on vulnerable Cisco Nexus Dash |
| 2889 | CVE-2025-22075 | | 29.1th | 5.5 | | A memory allocation vulnerability in the Linux kernel's rtnetlink component causes kernel warnings a |
| 2890 | CVE-2025-22071 | | 29.1th | 5.5 | | This CVE describes a memory leak vulnerability in the Linux kernel's SPUFS (Synergistic Processing U |
| 2891 | CVE-2025-21975 | | 29.1th | 5.5 | | This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's mlx5 network drive |
| 2892 | CVE-2025-21956 | | 29.1th | 5.5 | | This CVE addresses a kernel warning in AMD GPU display drivers when handling 14-bit color depth. The |
| 2893 | CVE-2025-21904 | | 29.1th | 5.5 | | A NULL pointer dereference vulnerability in the Linux kernel's caif_virtio driver could cause kernel |
| 2894 | CVE-2025-21898 | | 29.1th | 5.5 | | This CVE addresses a potential division by zero vulnerability in the Linux kernel's ftrace subsystem |
| 2895 | CVE-2025-47712 | | 29th | 6.5 | | A vulnerability in nbdkit's blocksize filter allows denial of service when clients request block sta |
| 2896 | CVE-2025-5714 | | 29th | 4.3 | | This CVE describes a path traversal vulnerability in SoluçõesCoop iSoluçõesWEB's profile update |
| 2897 | CVE-2025-48432 | | 29.1th | 4.0 | | A log injection vulnerability in Django allows attackers to manipulate HTTP response logging by send |
| 2898 | CVE-2025-7259 | | 29.1th | 6.5 | | An authorized MongoDB user can cause a server crash by issuing queries containing duplicate _id fiel |
| 2899 | CVE-2025-55521 | | 29.1th | 6.5 | | An authenticated attacker can send a specially crafted POST request to the /settings/localisation en |
| 2900 | CVE-2025-36592 | | 29th | 5.4 | | Dell Secure Connect Gateway Policy Manager versions 5.20 through 5.28 contain a cross-site scripting |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to prioritizing which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.